HijackThis analysis !!!

Lunasev -
Hello,

Can someone help me with the analysis? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:11, on 02/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Severine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMQ4XJD8\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [CheckUpdate] fmaj5.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Orange 8.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.1)
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.bigfishgames.fr/
O15 - Trusted Zone: http://frbigfishgames.custhelp.com
O15 - Trusted Zone: http://*.imikimi.com
O15 - Trusted Zone: https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: https://www.pandasecurity.com/
O15 - Trusted Zone: http://sdc.shockwave.com
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

5 replies

anthony5151 Posts 10927 Status Security contributor 790
 
Hello,

This line indicates an infection (do not try to remove it manually):
O4 - HKLM\..\Run: [CheckUpdate] fmaj5.exe

• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked
• Launch MBAM and let the updates download (otherwise do them manually when the program starts)
• Then go to the "Scanner" tab, check "Perform quick scan" then "Scan"
• At the end of the scan, click Show Results
• Check all detected items then click Remove Selected
• Save the report
• If you are asked to restart, click Yes
• Please post the report that appears after the removal in your next reply

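The check made in the reply above (an O4 autorun that names a bare executable with no directory, plus the "(no file)", "(file missing)" and wildcard trusted-zone entries visible in the same log) can be applied mechanically. This is an added example for this thread, not code from the forum, from HijackThis or from Malwarebytes; it assumes the HijackThis line format shown above and uses lines copied from the posted log as its sample.

```python
"""Triage checks for HijackThis log lines (added example, not a forum tool).

An O4 autorun whose command has no directory is resolved by Windows from the
search path (for example System32, where ComboFix later lists fmaj5.exe), so
it deserves a closer look; orphaned O2/O3 entries, O23 services with a missing
binary and O15 trusted zones with a wildcard host are the other quick checks.
"""
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [CheckUpdate] fmaj5.exe",
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"',
    r"O15 - Trusted Zone: http://*.imikimi.com",
    r"O15 - Trusted Zone: https://www.adobe.com/",
    r"O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)",
]

# O4 autorun line: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TRUSTED_PREFIX = "O15 - Trusted Zone: "
SERVICE_PREFIX = "O23 - Service: "


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_autorun(cmd: str) -> bool:
    """True when the autorun names a file with no directory component at all."""
    exe = executable_of(cmd)
    return bool(exe) and "\\" not in exe and "/" not in exe


def triage(lines):
    """Return (section, subject, reason) tuples for lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = O4_RE.match(line)
        if m:
            if is_bare_autorun(m.group("cmd")):
                findings.append(("O4", m.group("name"),
                                 "autorun names a bare file with no path: " + executable_of(m.group("cmd"))))
        elif line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
            # Registry still references a BHO/toolbar whose DLL is gone.
            findings.append((line[:2], line.split(" - ", 2)[1], "orphaned BHO/toolbar entry"))
        elif line.startswith(TRUSTED_PREFIX) and "*" in line:
            findings.append(("O15", line[len(TRUSTED_PREFIX):], "wildcard host in trusted zone"))
        elif line.startswith(SERVICE_PREFIX) and line.endswith("(file missing)"):
            service = line[len(SERVICE_PREFIX):].split(" - ")[0]
            findings.append(("O23", service, "service binary missing"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LINES):
        print(f"{section:4} {subject}: {reason}")
```

Feeding the full posted log through triage() instead of SAMPLE_LINES gives the same CheckUpdate hit plus the orphaned O2/O3, wildcard O15 and missing O23 entries; the flagged lines are leads for the helper, not a verdict.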
Lunasev
 
Thanks. Here is the report

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2363
Windows 6.0.6000

02/07/2009 17:34:04
mbam-log-2009-07-02 (17-34-04).txt

Type de recherche: Examen rapide
Eléments examinés: 87102
Temps écoulé: 8 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_milehighads (Adware.MilehighAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Windows\System32\cont_milehighads-remove.exe (Adware.MilehighAds) -> Quarantined and deleted successfully.
c:\Users\Severine\AppData\Local\Temp\uneb.exe (Adware.Eurobarre) -> Quarantined and deleted successfully.
c:\program files\AUDIOW32.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
anthony5151 Posts 10927 Status Security contributor 790
 
/!\ Attention to anyone reading this thread /!\
The following software is not to be used lightly and can cause damage if misused! Only do this if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Right-click ComboFix.exe and choose "Run as administrator"
• It will ask you to install the Recovery Console: accept.
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Lunasev
 
I can't download ComboFix
anthony5151 Posts 10927 Status Security contributor 790
 
Re,

Please try this link
Lunasev
 
OK, that worked, here is the report

ComboFix 09-07-01.04 - Severine 02/07/2009 21:59.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.767.280 [GMT 2:00]
Lancé depuis: c:\users\Severine\Desktop\lunasev.exe
AV: avast! antivirus 4.8.1335 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090702-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Muestras
c:\users\Severine\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2009-06-02 au 2009-07-02 ))))))))))))))))))))))))))))))))))))
.

2009-07-02 11:25 . 2009-07-02 11:25 -------- d-----w- c:\program files\Shareaza
2009-07-01 11:27 . 2009-07-01 11:27 -------- d-----w- c:\users\Severine\AppData\Roaming\KodakCredentialStore
2009-07-01 11:26 . 2009-07-01 11:26 -------- d-----w- c:\users\Severine\AppData\Local\KodakGallery
2009-07-01 11:18 . 2009-07-01 11:18 -------- d-----w- c:\users\Severine\AppData\Roaming\Skinux
2009-07-01 10:59 . 2009-07-01 10:59 -------- d-----w- c:\users\Severine\AppData\Local\ArcSoft
2009-07-01 10:59 . 2009-07-02 10:59 -------- d-----w- c:\users\Severine\AppData\Roaming\Arcsoft
2009-07-01 10:58 . 2009-07-01 10:59 -------- d-----w- c:\progra~2\ArcSoft
2009-07-01 10:57 . 2009-07-01 10:58 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-07-01 10:57 . 2009-07-01 10:57 -------- d-----w- c:\program files\ArcSoft
2009-07-01 10:46 . 2009-07-01 10:52 -------- d-----w- c:\program files\Common Files\Kodak
2009-07-01 10:43 . 2009-07-01 10:55 -------- d-----w- c:\program files\Kodak
2009-07-01 10:43 . 2009-07-01 10:43 -------- d-----w- C:\Kodak
2009-07-01 10:40 . 2009-07-01 10:41 -------- d-----w- c:\progra~2\Kodak
2009-06-26 15:57 . 2009-06-26 15:57 -------- d-----w- c:\windows\system\IOSUBSYS
2009-06-26 15:57 . 2009-06-26 15:57 -------- d-----w- c:\program files\Minton Opti
2009-06-26 15:57 . 2003-01-08 15:19 18912 ----a-w- c:\windows\system32\drivers\MDSC.sys
2009-06-26 15:57 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-26 07:21 . 2009-06-26 08:37 -------- d-----w- c:\program files\Stand O'Food 2
2009-06-26 07:21 . 2009-06-26 09:41 -------- d-----w- c:\program files\Stand O Food
2009-06-23 09:15 . 2009-06-23 09:15 -------- d-----w- c:\users\Severine\AppData\Roaming\Home Sweet Home 2
2009-06-23 07:57 . 2009-06-23 07:57 -------- d-----w- c:\users\Severine\AppData\Roaming\Shape games
2009-06-21 20:21 . 2009-06-21 20:21 -------- d-----w- c:\program files\Babylon
2009-06-21 20:21 . 2009-06-21 20:21 -------- d-----w- c:\progra~2\Babylon
2009-06-21 20:21 . 2009-06-21 20:21 -------- d-----w- c:\users\Severine\AppData\Roaming\Babylon
2009-06-21 09:19 . 2009-06-21 09:19 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-06-21 08:21 . 2009-06-21 08:21 -------- d-----w- c:\program files\UnFREEz
2009-06-21 08:02 . 2009-06-21 08:02 -------- d-----w- c:\program files\PhotoFiltre
2009-06-20 07:47 . 2009-06-20 07:47 -------- d-----w- c:\users\Severine\AppData\Roaming\Icones
2009-06-17 09:00 . 2009-06-17 09:00 -------- d-----w- c:\users\Severine\AppData\Roaming\SerpentOfIsis
2009-06-16 23:07 . 2009-06-17 08:23 -------- d-----w- c:\program files\Mah Jong Quest
2009-06-16 20:50 . 2009-06-16 20:50 -------- d-----w- C:\games
2009-06-16 20:39 . 2009-06-16 20:39 -------- d-----w- c:\progra~2\Messenger Plus!
2009-06-16 20:37 . 2009-06-16 20:37 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-16 20:37 . 2009-06-16 20:37 -------- d-----w- C:\Boonty
2009-06-15 14:23 . 2009-06-15 14:23 -------- d-----w- c:\users\Severine\AppData\Roaming\gtk-2.0
2009-06-15 14:23 . 2009-06-15 14:23 -------- d-----w- c:\users\Severine\.thumbnails
2009-06-15 09:50 . 2009-06-15 09:50 -------- d-----w- c:\users\Severine\AppData\Roaming\BigFishv1002fr
2009-06-15 07:42 . 2009-06-25 12:01 -------- d-----w- c:\program files\Google
2009-06-15 07:20 . 2009-06-24 16:20 -------- d-----w- c:\progra~2\NOS
2009-06-15 07:20 . 2009-06-24 16:20 -------- d-----w- c:\program files\NOS
2009-06-14 15:01 . 2009-06-14 15:02 -------- d-----w- c:\program files\Mystery PI - The New York Fortune
2009-06-14 15:01 . 2009-06-14 15:01 -------- d-----w- c:\users\Severine\AppData\Roaming\Boolat Games
2009-06-14 12:54 . 2009-04-30 12:42 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 12:54 . 2009-04-30 12:52 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 12:54 . 2009-04-30 12:44 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-06-10 13:55 . 2009-06-10 13:55 285696 ----a-w- c:\windows\system32\fmaj5.exe
2009-06-10 11:05 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 11:05 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 11:04 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 11:04 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 11:04 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-06 16:33 . 2009-06-06 16:34 -------- d-----w- c:\users\Severine\AppData\Local\eMule
2009-06-06 16:33 . 2009-06-06 16:33 -------- d---a-w- c:\program files\eMule
2009-06-05 13:13 . 2009-06-05 13:13 -------- d---a-w- c:\program files\Imikimi
2009-06-03 13:28 . 2009-06-03 13:28 -------- d-----w- c:\users\Severine\AppData\Roaming\Flood Light Games
2009-06-03 13:28 . 2009-06-03 13:28 -------- d-----w- c:\progra~2\Flood Light Games
2009-06-03 12:41 . 2009-06-03 12:41 -------- d-----w- c:\users\Severine\AppData\Roaming\Saved Games
2009-06-03 10:10 . 2009-06-03 10:10 -------- d---a-w- c:\program files\Yard Sale Hidden Treasures - Sunnyville
2009-06-03 10:09 . 2009-06-03 10:10 -------- d---a-w- c:\program files\Paparazzi
2009-06-03 10:08 . 2009-06-03 10:09 -------- d---a-w- c:\program files\The Scruffs
2009-06-03 10:07 . 2009-06-03 10:08 -------- d---a-w- c:\program files\Agatha Christie - La Maison du Peril
2009-06-03 10:06 . 2009-06-03 10:07 -------- d---a-w- c:\program files\Mystery P.I. - The Vegas Heist

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 15:23 . 2008-12-10 19:47 -------- d---a-w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 11:25 . 2008-11-28 14:45 -------- d-----w- c:\users\Severine\AppData\Roaming\Shareaza
2009-07-02 05:58 . 2008-11-19 20:59 -------- d-----w- c:\users\Severine\AppData\Roaming\FileZilla
2009-07-01 12:35 . 2007-07-27 20:36 680 ----a-w- c:\users\Severine\AppData\Local\d3d9caps.dat
2009-07-01 11:01 . 2007-01-12 03:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 12:38 . 2008-10-30 15:48 -------- d-----w- c:\program files\BoontyGames
2009-06-26 07:24 . 2008-10-31 12:35 -------- d-----w- c:\users\Severine\AppData\Roaming\Gaijin Ent
2009-06-23 09:18 . 2009-02-13 13:58 -------- d-----w- c:\progra~2\Gogii
2009-06-20 10:25 . 2008-06-08 10:12 -------- d-----w- c:\users\Severine\AppData\Roaming\GameHouse
2009-06-17 09:27 . 2008-12-10 19:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-10 19:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 07:34 . 2007-06-08 17:53 277312 ----a-w- c:\users\Severine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 15:17 . 2008-12-20 11:43 -------- d-----w- c:\progra~2\PlayFirst
2009-06-14 15:17 . 2007-07-24 08:06 -------- d-----w- c:\users\Severine\AppData\Roaming\PlayFirst
2009-06-14 07:23 . 2007-01-12 03:46 -------- d-----w- c:\program files\Roxio
2009-06-14 07:23 . 2007-01-12 03:46 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-14 07:03 . 2008-01-22 14:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-14 06:54 . 2009-01-12 09:01 -------- d---a-w- c:\program files\Eurobarre
2009-06-07 11:54 . 2009-05-22 14:40 -------- d---a-w- c:\program files\Controle Parental
2009-06-07 11:49 . 2009-05-28 15:37 -------- d-----w- c:\program files\QuickTime
2009-06-06 16:34 . 2008-12-19 13:07 -------- d-----w- c:\progra~2\eMule
2009-06-03 11:33 . 2009-01-25 18:46 -------- d-----w- c:\progra~2\SpinTop Games
2009-06-03 10:07 . 2009-05-30 10:45 -------- d-----w- c:\users\Severine\AppData\Roaming\RobinsonCrusoeBFGFR
2009-06-02 11:45 . 2007-01-12 12:15 699984 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-02 11:45 . 2007-01-12 12:15 121814 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-01 12:13 . 2009-02-08 20:18 -------- d-----w- c:\program files\Nikon
2009-06-01 11:27 . 2008-09-22 18:53 -------- d-----w- c:\users\Severine\AppData\Roaming\blg
2009-06-01 11:27 . 2008-09-22 18:53 -------- d-----w- c:\progra~2\blg
2009-06-01 11:05 . 2009-06-01 11:04 -------- d---a-w- c:\program files\Hidden Expedition - Amazon
2009-06-01 10:29 . 2009-02-08 20:21 -------- d-----w- c:\program files\Common Files\Nikon
2009-06-01 10:28 . 2009-02-08 20:19 0 ---h--w- c:\progra~2\PKP_DLds.DAT
2009-05-30 10:26 . 2009-05-30 10:26 -------- d---a-w- c:\program files\Masters of Mystery - Crime of Fashion
2009-05-30 10:20 . 2009-05-30 10:18 -------- d---a-w- c:\program files\Les Aventures de Robinson Crusoe
2009-05-30 10:16 . 2008-12-02 06:39 -------- d---a-w- c:\program files\bfgclient
2009-05-29 17:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-29 12:13 . 2008-02-25 16:48 -------- d---a-w- c:\program files\Windows Live
2009-05-29 11:28 . 2009-05-29 11:03 -------- d-----w- c:\program files\OrangeHSS
2009-05-29 10:27 . 2008-03-15 14:45 -------- d---a-w- c:\program files\Microsoft Silverlight
2009-05-28 17:01 . 2009-02-08 20:29 20 ---h--w- c:\progra~2\PKP_DLec.DAT
2009-05-28 17:01 . 2009-02-08 20:19 -------- d-----w- c:\progra~2\EnterNHelp
2009-05-28 15:50 . 2009-05-28 15:50 -------- d---a-w- c:\program files\Common Files\muvee Technologies
2009-05-28 15:49 . 2009-02-08 20:19 -------- d-----w- c:\progra~2\Ultima_T15
2009-05-22 08:51 . 2008-06-08 18:30 64689557 ----a-w- c:\program files\ACDSee 6 + Powerpack + Plugins + Keygen + Serial + Pack French.rar
2008-12-22 20:37 . 2008-12-22 20:37 20993024 ----a-w- c:\program files\Vista Codec Package.msi
2008-12-22 20:36 . 2008-12-22 20:37 55808 ----a-w- c:\program files\1036.MST
2008-12-01 15:51 . 2008-12-01 15:51 4360 ----a-w- c:\program files\SETUP.LST
2008-12-01 15:51 . 2008-12-01 15:51 2002501 ----a-w- c:\program files\GameLauncher.CAB
2008-12-01 15:51 . 2008-12-01 15:51 312480 ----a-w- c:\program files\User Guide.pdf
2008-03-28 21:26 . 2008-06-04 13:12 33542965 ----a-w- c:\program files\game.zxc
2008-03-28 19:30 . 2008-06-04 13:12 296 ----a-w- c:\program files\AddSplash.xml
2008-02-27 13:40 . 2008-06-04 13:13 265 ----a-w- c:\program files\GameParams.xml
2008-02-11 23:10 . 2008-05-29 07:11 495 ----a-w- c:\program files\File_id.diz
2008-02-11 23:01 . 2008-05-29 07:11 6688 ----a-w- c:\program files\tRUE.nfo
2007-12-19 00:14 . 2008-05-29 07:10 118 ----a-w- c:\program files\downTURK Kalite indir - Best downloads.url
2007-11-05 06:06 . 2008-06-16 10:38 44 ----a-w- c:\program files\Sérial.txt
2007-08-24 14:03 . 2008-06-04 13:13 70 ----a-w- c:\program files\GAMES FULL.com.url
2007-07-30 12:28 . 2008-06-04 13:12 93240 ----a-w- c:\program files\bass.dll
2007-06-29 14:38 . 2008-06-04 13:13 110484 ----a-w- c:\program files\SplashPuzzleLab.png
2006-12-05 00:00 . 2008-05-20 11:06 20277324 ----a-w- c:\program files\Westward Installer.exe
2006-08-21 03:46 . 2008-06-14 06:45 5932784 ----a-w- c:\program files\stileproject.wmv
2006-05-21 23:31 . 2008-05-31 18:28 2145147 ----a-w- c:\program files\rebuilt.++++ mystery case files huntsville francais 23.rar
2006-05-21 23:28 . 2008-05-31 18:28 2247498 ----a-w- c:\program files\++++ mystery case files huntsville francais 23.exe
2006-05-21 22:09 . 2008-05-31 18:28 2247463 ----a-w- c:\program files\rebuilt.++++ mystery case files huntsville francais 23.exe
2006-05-21 20:49 . 2008-05-31 18:28 15057520 ----a-w- c:\program files\Mystery Case Files Huntsville & Keygen (reflexive arcade).rar
2006-04-17 07:31 . 2008-05-31 18:28 536011 ----a-w- c:\program files\data.cab
2005-06-04 00:06 . 2008-06-27 07:17 1784894 ----a-w- c:\program files\cracked.nfo
2004-08-26 21:09 . 2008-01-21 14:13 29 ----a-w- c:\program files\Microsoft Office Edition 2003 Professional [Fr] - Disc 1 - Word, Excel, Acces, Power Point, Outlook - Serial.txt
2004-05-16 10:18 . 2008-06-08 18:31 18650277 ----a-w- c:\program files\Patch_Paintshopro_SP_8.1_to_8.10_Fr_XP.rar
2004-04-30 21:59 . 2008-06-08 18:30 2401449 ----a-w- c:\program files\Awicons Pro 9.0.3 editeur icones extra Multilanguage.rar
2004-04-24 16:59 . 2008-01-22 13:59 110194160 ----a-w- c:\program files\Namo WebEditor suite v6.0 fr.exe
2004-01-14 10:44 . 2008-06-08 18:27 5067 ----a-w- c:\program files\Installation - Lisez-Moi.txt
2003-12-12 15:06 . 2008-06-16 10:41 581 ----a-w- c:\program files\layout.bin
2003-12-12 15:06 . 2008-06-16 10:41 156000377 ----a-w- c:\program files\data2.cab
2003-12-12 15:05 . 2008-06-16 10:39 429904 ----a-w- c:\program files\data1.hdr
2003-12-12 15:05 . 2008-06-16 10:39 4228385 ----a-w- c:\program files\data1.cab
2003-12-12 15:04 . 2008-06-16 10:41 392284 ----a-w- c:\program files\setup.boot
2003-12-12 15:04 . 2008-06-16 10:41 517155 ----a-w- c:\program files\setup.inx
2003-12-10 10:08 . 2008-06-16 10:41 450056 ----a-w- c:\program files\Setup.bmp
2003-12-09 12:52 . 2008-06-16 10:39 5870 ----a-w- c:\program files\Abcpy.ini
2003-10-28 15:37 . 2008-06-16 10:41 596 ----a-w- c:\program files\setup.ini
2003-02-27 14:16 . 2008-06-16 10:41 420432 ----a-w- c:\program files\engine32.cab
2002-10-23 15:32 . 2008-06-16 10:41 243858 ----a-w- c:\program files\setup.skin
2000-07-23 09:00 . 2008-06-09 11:14 10619 ----a-w- c:\program files\tno.nfo
2000-07-23 08:52 . 2008-06-09 11:14 95790 ----a-w- c:\program files\tno_ak15.exe
1999-02-17 18:11 . 2008-06-09 11:14 83968 ----a-w- c:\program files\Arkanoid.exe
1999-02-16 10:31 . 2008-06-09 11:13 4452 ----a-w- c:\program files\readme.txt
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"CheckUpdate"="fmaj5.exe" - c:\windows\System32\fmaj5.exe [2009-06-10 285696]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-232014627-1672816523-1804446888-1002]
"EnableNotificationsRef"=dword:0000000e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{782AA259-87BA-4BE3-874C-6E563FC9274A}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{F6665EE5-2419-4897-81F0-B3D61189B862}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{18070698-C5E6-4C17-BE16-22E9876EE055}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{90E28E68-8688-42C8-829F-A1BD6EA427A8}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{F574B527-D9F2-462C-BA94-3DE54A7E473A}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{F5566B9B-269F-4A27-BB96-28DB194AEE04}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{D08C1572-752F-4393-B965-6E27D4036249}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1ADE92C5-E629-4336-8CA9-1664690F4C9E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C376DCF7-C155-4CFA-A387-0B39CAC95CBE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{240017D2-A05F-4EA4-8298-3F7788730958}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{0E719598-84C3-441B-9FD5-F10A5F23EE3C}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{823535EE-9D1E-443C-9652-5A1BBA471B85}"= UDP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{ABDEF737-44C6-451D-9C74-BBC0D9646DC5}"= TCP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{39071280-7E11-4B2D-B2CA-59B52987C5C7}"= UDP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{D1D3A56F-F59A-4345-948A-E0DDFD205052}"= TCP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{3E3BFAE4-EB44-421D-850A-F16166CA5F66}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C642B81E-503A-44ED-BEE2-E8C36068FB6A}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{63EF8A47-A851-440E-8F8F-5E64EAC16F23}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{AAB35AAF-25ED-4893-B41A-48E86C6FBEC7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{C10A2B43-D17D-4AC9-AD26-00F37CDBD064}c:\\program files\\namo\\webeditor 6 trial\\bin\\webeditor.exe"= UDP:c:\program files\namo\webeditor 6 trial\bin\webeditor.exe:Namo WebEditor 6
"UDP Query User{DE06BC30-36FD-48E1-AEF7-C3EE48F8E1BD}c:\\program files\\namo\\webeditor 6 trial\\bin\\webeditor.exe"= TCP:c:\program files\namo\webeditor 6 trial\bin\webeditor.exe:Namo WebEditor 6
"TCP Query User{B89714CA-8496-4B50-BBC8-2D199B715216}c:\\program files\\namo\\webcanvas trial\\bin\\webcanvas.exe"= UDP:c:\program files\namo\webcanvas trial\bin\webcanvas.exe:WebCanvas Application (Version d'évaluation)
"UDP Query User{394473A6-10FE-4A70-A69D-21428E271588}c:\\program files\\namo\\webcanvas trial\\bin\\webcanvas.exe"= TCP:c:\program files\namo\webcanvas trial\bin\webcanvas.exe:WebCanvas Application (Version d'évaluation)
"{493053A3-A31A-4852-9F69-030ED02E808B}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F9E1EDB2-1618-4542-8BE0-3F23B13D0E0F}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"TCP Query User{AF2C04F2-808C-423B-90F3-0C48B437DC49}c:\\program files\\namo\\webboard trial\\server\\mysql\\bin\\mysqld.exe"= Disabled:UDP:c:\program files\namo\webboard trial\server\mysql\bin\mysqld.exe:mysqld
"UDP Query User{78B178DB-EF74-407B-910D-96105BE386B4}c:\\program files\\namo\\webboard trial\\server\\mysql\\bin\\mysqld.exe"= Disabled:TCP:c:\program files\namo\webboard trial\server\mysql\bin\mysqld.exe:mysqld
"TCP Query User{EAECBD7E-8803-47B0-94FC-800FB29B35EE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C3D3C76-7DD7-453A-853F-BEBD418B5271}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E4D7B51B-7BAD-4CBD-9723-234F87249447}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{40ED0F67-A560-4574-A805-44CF5381361B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FA484626-347E-4312-B658-C7C1384B50FE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EC2A2848-A529-4F9C-BE8A-79E5BD59C36A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3F461663-BFE3-4275-8508-E63366C32421}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{34B3FE98-B6E5-49BD-8103-7302BB06E928}c:\\program files\\namo\\webeditor 6 trial\\bin\\webeditor.exe"= UDP:c:\program files\namo\webeditor 6 trial\bin\webeditor.exe:Namo WebEditor 6
"UDP Query User{4B6213B3-F623-47E4-9E82-F5D0C57F7A90}c:\\program files\\namo\\webeditor 6 trial\\bin\\webeditor.exe"= TCP:c:\program files\namo\webeditor 6 trial\bin\webeditor.exe:Namo WebEditor 6

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Winsos\\winsos.exe"= c:\program files\Winsos\winsos.exe:*:Enabled:Winsos
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/11/2008 11:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/11/2008 11:46 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [02/11/2008 11:46 51792]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 12:34 507136]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [10/12/2008 21:47 38160]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [11/07/2007 11:59 28224]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Orange 8.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET

.
------- Examen supplémentaire -------
.
uStart Page = www.orange.fr
mStart Page = hxxp://lo.st
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bigfishgames.fr\www
Trusted Zone: custhelp.com\frbigfishgames
Trusted Zone: imikimi.com
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: macromedia.com\www
Trusted Zone: mappy.com
Trusted Zone: microsoft.com\support
Trusted Zone: orange.fr
Trusted Zone: pandasecurity.com\www
Trusted Zone: shockwave.com\sdc
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 22:19
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-232014627-1672816523-1804446888-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**¬*ˆ%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-232014627-1672816523-1804446888-1002\Software\SecuROM\License information*]
"datasecu"=hex:ae,ec,cc,a1,ec,68,29,28,4d,04,01,c8,41,33,af,98,3f,2c,15,99,8c,
54,00,bc,e8,19,24,8c,2b,1c,a5,7d,32,f8,d8,89,f1,b8,f1,ed,2f,f5,30,74,ec,08,\
"rkeysecu"=hex:1c,a0,89,9d,63,bd,a1,50,a0,4c,62,05,dc,c1,bf,f0

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1a1a6148-8fe7-40de-b5fb-65192c41053e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bbf62bd4-96c1-4581-b32c-aa35bf66f603}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001921
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(1328)
c:\program files\OrangeHSS\Launcher\Inactivity.Dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\2\FTRTSVC.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\OrangeHSS\Systray\SystrayApp.exe
c:\program files\OrangeHSS\Deskboard\Deskboard.exe
c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe
c:\program files\OrangeHSS\Connectivity\corecom\CoreCom.exe
c:\program files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-07-02 22:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-02 20:30

Avant-CF: 87 494 541 312 octets libres
Après-CF: 87 275 790 336 octets libres

345 --- E O F --- 2009-06-29 16:12